The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks

2020-01-23 Palo Alto Networks

https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/


Unit 42 described a campaign using malicious documents with North Korea-themed Russian-language lures to target a U.S. government agency and foreign nationals associated with North Korea. The malware set included CARROTBAT downloaders, a newer CARROTBALL FTP downloader, and SYSCON RAT payloads. CARROTBALL was embedded in a malicious Word document and used FTP to facilitate installation of SYSCON. The campaign showed evolution from the earlier Fractured Block activity while retaining similar targeting, lure themes, and document-based delivery tradecraft.

Indicators of Compromise

